I work in the SAP Security space and qualified as a CISSP last year. From an experience point of view our role is considered valid - I don't have experience of the networking and infrastructure side of things for example and did not have any issues getting certified.

That said don't expect that taking the qualifiaction is going to have any direct relationship with SAP. I recently moved jobs between two Fortune 50 comapnies in SAP Security management roles and the qualification did not seem of interest to my new employer - I don't think it's going to give you an edge in the SAP security employment market unless you are also going to get into the basis and infrastructure area. Similarly the qualification alone is not going to give you enough to bridge into a "hands-on" infrastructure and network security role if you are looking for a change of direction as the knowledge is not detailed enough - it will not tell you how to configure a firewall or perform penetration testing. The application security section if CISSP is very very high level and gets no-where near the complexity of authorisations in SAP. The regulatory compliance aspects like SOX, FDA etc are also glossed at a high level. In my experience, taking the qualification gave me broader contextual understanding and above all as a hobby was very very interesting - the understanding required of other areas is at a high enough level that it is not too dry yet at the same time is worth while.

Net - my advice is that if you do CISSP out of interest and with a view to it making you a more rounded security professional, especially if your bent is more towards management rather than "hands-on" roles. Go in with that mindset and you will find it very worth while. If you are looking at it as an investment to give you an edge in the hands-on SAP Security job market or as a door into network security on its own it's probably not the route to take.

Hope this helps,

Cheers
Chris van Schijndel

Hi,
I would like to know if a SAP security candidate is eligible for the CISSP?
Thanks
Joshua

To answer your question; anyone in the security field can take a CISSP course if you have time and funds. Next you have to pass the CISSP exam. The course and the exam are given by different entities. The course is given by many for example: http://www.intenseschool.com/ . And the exam is given by https://www.isc2.org/ only. I agree with the previous comment. CISSP on you Resume/CV provides some indication of your efforts to understand Security Management at a high level. However even a SAP Security course like the CISSP course is a high level education and does not provide detailed hands on instruction. The CISSP teaches where and how to find the information you need, not “How To” accomplish an operation on any application.

Copyright 1998-2015 Ziff Davis, LLC (Toolbox.com). All rights reserved. All product names are trademarks of their respective companies. Toolbox.com is not
affiliated with or endorsed by any company listed at this site.